Report - www.shellterproject.com/Downloads/Shellter/Old/Shellter

Report Overview

Submitted URL
www.shellterproject.com/Downloads/Shellter/Old/Shellter_v2.1.zip
IP
38.242.134.114
ASN
#51167 Contabo GmbH
Submitted
2024-05-03 22:53:42
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.shellterproject.com	unknown	2014-04-23	2017-02-25	2024-04-18	518 B	282 kB	38.242.134.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	www.shellterproject.com/Downloads/Shellter/Old/Shellter_v2.1.zip	Hunting_Rule_ShikataGaNai

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.shellterproject.com/Downloads/Shellter/Old/Shellter_v2.1.zip
IP
38.242.134.114
ASN
#51167 Contabo GmbH

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
281 kB (281277 bytes)
Hash
2a667ebb781c1fe31e0f75670e8a90b1
2ff231aa95d55f99c1d91e9ab863430c930361fc
9ed09da7e53058d30300a2b03a4f3f06f9505d70829cd76fd846c9b76447b3e9

Archive (11)

Filename

Md5

File type

faq.txt

46960c1988267c692f0aada86aaed8a7

ASCII text, with CRLF line terminators

shellter.ico

7110599992da5de30f20e8d00a0039ae

MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel

license.txt

7fca865c806dac9a82b19e021337daaa

ASCII text, with CRLF line terminators

readme.txt

8296581a08bdb23ca47b583acbebd9d7

ASCII text, with CRLF line terminators

calc

b69936d29c02434eca5b59fa4ddcf77c

data

calcenc

8504412d24964408a78c39b17db1783b

data

info.txt

b726d7919cab63facf1795499b454e9e

ASCII text, with CRLF line terminators

krb1

774a5c3d26017c021619247fa7c3e579

data

krb3

e9fd96d1a9f83de90511ba8b31d71a63

data

shellter.exe

7181ece9b6828a34aace2e773b8b8aee

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

version_history.txt

8c0b1e95f8a5e6f83718a55877be4bf2

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_peb_parsing
Elastic Security YARA Rules	malware	Windows.Shellcode.Generic
Elastic Security YARA Rules	malware	Windows.Trojan.Metasploit
YARAhub by abuse.ch	malware	meth_get_eip
Public Nextron YARA rules	malware	Hunting_Rule_ShikataGaNai
YARAhub by abuse.ch	malware	meth_stackstrings
Public Nextron YARA rules	malware	Hunting_Rule_ShikataGaNai
VirusTotal	suspicious	VirusTotal - Scan result 2/54

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.shellterproject.com/Downloads/Shellter/Old/Shellter_v2.1.zip

38.242.134.114

200 OK

281 kB

URL User Request GET HTTP/1.1
www.shellterproject.com/Downloads/Shellter/Old/Shellter_v2.1.zip
IP
38.242.134.114:443
ASN
#51167 Contabo GmbH

Certificate
IssuerLet's Encrypt
Subjectcpcalendars.shellterproject.com
Fingerprint98:C5:82:E3:AE:81:68:BC:8C:D0:88:68:47:17:03:6F:37:28:B5:BB
ValiditySun, 14 Apr 2024 10:12:10 GMT - Sat, 13 Jul 2024 10:12:09 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
281 kB (281277 bytes)
Hash
2a667ebb781c1fe31e0f75670e8a90b1
2ff231aa95d55f99c1d91e9ab863430c930361fc
9ed09da7e53058d30300a2b03a4f3f06f9505d70829cd76fd846c9b76447b3e9

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Hunting_Rule_ShikataGaNai
VirusTotal	suspicious	VirusTotal - Scan result 2/54

HTTP Headers

GET /Downloads/Shellter/Old/Shellter_v2.1.zip HTTP/1.1
Host: www.shellterproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 22:53:17 GMT
Server: Apache
Last-Modified: Sat, 07 Feb 2015 11:18:18 GMT
Accept-Ranges: bytes
Content-Length: 281277
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (11)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers